Copyright (C) 2000-2005 Kern Sibbald
This program is free software; you can redistribute it and/or
- modify it under the terms of the GNU General Public License as
- published by the Free Software Foundation; either version 2 of
- the License, or (at your option) any later version.
+ modify it under the terms of the GNU General Public License
+ version 2 as amended with additional clauses defined in the
+ file LICENSE in the main source directory.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- General Public License for more details.
-
- You should have received a copy of the GNU General Public
- License along with this program; if not, write to the Free
- Software Foundation, Inc., 59 Temple Place - Suite 330, Boston,
- MA 02111-1307, USA.
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ the file LICENSE for additional details.
*/
/* Forward referenced functions */
void terminate_filed(int sig);
+static int check_resources();
/* Exported variables */
CLIENT *me; /* my resource */
#define CONFIG_FILE "./bacula-fd.conf" /* default config file */
-static char *configfile = NULL;
+char *configfile = NULL;
static bool foreground = false;
static bool inetd_request = false;
static workq_t dir_workq; /* queue of work from Director */
{
int ch;
bool test_config = false;
- DIRRES *director;
char *uid = NULL;
char *gid = NULL;
parse_config(configfile);
- LockRes();
- director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
- UnlockRes();
- if (!director) {
- Emsg1(M_ABORT, 0, _("No Director resource defined in %s\n"),
- configfile);
+ if (init_tls() != 0) {
+ Emsg0(M_ERROR, 0, _("TLS library initialization failed.\n"));
+ terminate_filed(1);
}
- LockRes();
- me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
- UnlockRes();
- if (!me) {
- Emsg1(M_ABORT, 0, _("No File daemon resource defined in %s\n"
-"Without that I don't know who I am :-(\n"), configfile);
- } else {
- my_name_is(0, NULL, me->hdr.name);
- if (!me->messages) {
- LockRes();
- me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
- UnlockRes();
- if (!me->messages) {
- Emsg1(M_ABORT, 0, _("No Messages resource defined in %s\n"), configfile);
- }
- }
- close_msg(NULL); /* close temp message handler */
- init_msg(NULL, me->messages); /* open user specified message handler */
+ if (!check_resources()) {
+ Emsg1(M_ERROR, 0, _("Please correct configuration file: %s\n"), configfile);
+ terminate_filed(1);
}
set_working_directory(me->working_directory);
free_config_resources();
term_msg();
stop_watchdog();
+ cleanup_tls();
close_memory_pool(); /* release free memory in pool */
sm_dump(false); /* dump orphaned buffers */
exit(sig);
}
+
+/*
+* Make a quick check to see that we have all the
+* resources needed.
+*/
+static int check_resources()
+{
+ bool OK = true;
+ DIRRES *director;
+
+ LockRes();
+
+ me = (CLIENT *)GetNextRes(R_CLIENT, NULL);
+ if (!me) {
+ Emsg1(M_FATAL, 0, _("No File daemon resource defined in %s\n"
+ "Without that I don't know who I am :-(\n"), configfile);
+ OK = false;
+ } else {
+ if (GetNextRes(R_CLIENT, (RES *) me) != NULL) {
+ Emsg1(M_FATAL, 0, _("Only one Client resource permitted in %s\n"),
+ configfile);
+ OK = false;
+ }
+ my_name_is(0, NULL, me->hdr.name);
+ if (!me->messages) {
+ me->messages = (MSGS *)GetNextRes(R_MSGS, NULL);
+ if (!me->messages) {
+ Emsg1(M_FATAL, 0, _("No Messages resource defined in %s\n"), configfile);
+ OK = false;
+ }
+ }
+ /* tls_require implies tls_enable */
+ if (me->tls_require) {
+#ifndef HAVE_TLS
+ Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
+ OK = false;
+#else
+ me->tls_enable = true;
+#endif
+ }
+
+ if ((!me->tls_ca_certfile && !me->tls_ca_certdir) && me->tls_enable) {
+ Emsg1(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
+ " or \"TLS CA Certificate Dir\" are defined for File daemon in %s.\n"),
+ configfile);
+ OK = false;
+ }
+
+ /* If everything is well, attempt to initialize our per-resource TLS context */
+ if (OK && (me->tls_enable || me->tls_require)) {
+ /* Initialize TLS context:
+ * Args: CA certfile, CA certdir, Certfile, Keyfile,
+ * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
+ me->tls_ctx = new_tls_context(me->tls_ca_certfile,
+ me->tls_ca_certdir, me->tls_certfile, me->tls_keyfile,
+ NULL, NULL, NULL, true);
+
+ if (!me->tls_ctx) {
+ Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for File daemon \"%s\" in %s.\n"),
+ me->hdr.name, configfile);
+ OK = false;
+ }
+ }
+ }
+
+
+ /* Verify that a director record exists */
+ LockRes();
+ director = (DIRRES *)GetNextRes(R_DIRECTOR, NULL);
+ UnlockRes();
+ if (!director) {
+ Emsg1(M_FATAL, 0, _("No Director resource defined in %s\n"),
+ configfile);
+ OK = false;
+ }
+
+ foreach_res(director, R_DIRECTOR) {
+ /* tls_require implies tls_enable */
+ if (director->tls_require) {
+#ifndef HAVE_TLS
+ Jmsg(NULL, M_FATAL, 0, _("TLS required but not configured in Bacula.\n"));
+ OK = false;
+ continue;
+#else
+ director->tls_enable = true;
+#endif
+ }
+
+ if (!director->tls_certfile && director->tls_enable) {
+ Emsg2(M_FATAL, 0, _("\"TLS Certificate\" file not defined for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ if (!director->tls_keyfile && director->tls_enable) {
+ Emsg2(M_FATAL, 0, _("\"TLS Key\" file not defined for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ if ((!director->tls_ca_certfile && !director->tls_ca_certdir) && director->tls_enable && director->tls_verify_peer) {
+ Emsg2(M_FATAL, 0, _("Neither \"TLS CA Certificate\""
+ " or \"TLS CA Certificate Dir\" are defined for Director \"%s\" in %s."
+ " At least one CA certificate store is required"
+ " when using \"TLS Verify Peer\".\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+
+ /* If everything is well, attempt to initialize our per-resource TLS context */
+ if (OK && (director->tls_enable || director->tls_require)) {
+ /* Initialize TLS context:
+ * Args: CA certfile, CA certdir, Certfile, Keyfile,
+ * Keyfile PEM Callback, Keyfile CB Userdata, DHfile, Verify Peer */
+ director->tls_ctx = new_tls_context(director->tls_ca_certfile,
+ director->tls_ca_certdir, director->tls_certfile,
+ director->tls_keyfile, NULL, NULL, director->tls_dhfile,
+ director->tls_verify_peer);
+
+ if (!director->tls_ctx) {
+ Emsg2(M_FATAL, 0, _("Failed to initialize TLS context for Director \"%s\" in %s.\n"),
+ director->hdr.name, configfile);
+ OK = false;
+ }
+ }
+ }
+
+ UnlockRes();
+
+ if (OK) {
+ close_msg(NULL); /* close temp message handler */
+ init_msg(NULL, me->messages); /* open user specified message handler */
+ }
+
+ return OK;
+}